defaultcredentials - double hop? way around this?

So im trying to make a web service that exposes powershell and some remote
registry stuff so im trying to secure this now and im having some problems.

The DefaultCredentials always comes back blank. what i found was most often
the cuase was not having impersonate on, which isnt the issue here. I have
the two entries in the web.config and the settings in IIS and if i use a
WindowsIdentity.GetCurrent().name it comes back correctly. so the asp app is
fine.

from what i can tell a "double hop" is causing this and the solution is to
modify the delegation rights of the user account or machine. unfortuantely i
dont have access to do that so i need to find a way around this.

In the end both the web app and web service will be on the same site which i
have tried, and i still get the security problem. If i host them both from
my local machine and run it from the local machine, it works just fine. If i
try to access the app from a remote system to my local system i have a
security problem with the registry calls with in the web service (the double
hop isnt the issue here, it just isnt using the passed creds...

basically i have a big of a security mess and im starting to get really
lost.. what i would like to accomplish is to have a web service that exposes
a couple of methods (two of them are powershell invokes and one is a
OpenRemoteBaseKey)

Ideally what i would like to happen is have the windows creds from the user
be passed to the web app, which then passes them to the web service, which
then uses them to make the required calls.

Share This Page

Welcome to The Coding Forums!

Welcome to the Coding Forums, the place to chat about anything related to programming and coding languages.

Please join our friendly community by clicking the button below - it only takes a few seconds and is totally free. You'll be able to ask questions about coding or chat with the community and help others.
Sign up now!